Bitcoin Brain Wallets: Hackers’ Heaven!

Since its launch in 2009, Bitcoin has been by far the most successful cryptocurrency, attracting a considerable amount of research over the past few years. Just like every other cryptocurrency, authorization of a transfer of bitcoins from one account to another relies on ECDSA digital signatures. The rising popularity of bitcoin, especially among non-tech-savvy individuals and populations who have no experience with cryptography-based applications, has left a substantial number of users struggling to deal with private keys.

Brain wallets refer to private cryptographic keys that are deterministically derived from passwords. Compared with other means of managing bitcoin’s cryptographic keys, such as securing them on a PC or in a hardware wallet, brain wallets are much more convenient for users, who can spend their coins simply by entering their passwords. Because they don’t involve permanent storage of private keys on a device, brain wallets cannot be phished by malware. However, a brain wallet is a very insecure way to store bitcoins, as an attacker who successfully guesses a user’s password can steal them instantly.

An attacker who guesses a password can test whether it matches any brain wallet by searching the blockchain, which records all transactions, for usage of the derived public key. A recently published paper presented the first large-scale analysis of brain wallet usage among bitcoin users. The researchers replicated the password guessing attack by testing candidate passwords non-invasively to detect the ones that have historically been used as brain wallet bitcoin addresses.

Let’s summarize this study, which includes some interesting results:

How were candidate passwords picked and used?

The researchers built an enormous set of passwords derived from various online sources. These included previous password leaks, including Yahoo!, Rockyou and LinkedIn; word lists and derived phrase lists, including Wikiquote and the English Wikipedia; and information derived from bitcoin community forums, mainly Bitcointalk.org. Collectively, an average of 300 billion passwords were used in guessing bitcoin’s brain wallets. The used word lists were derived from:

Afterwards, the SHA256 hash of each password was used as the private key, and the matching public key was generated using speedups to the secp256k1 curve library. Then, all unique bitcoin addresses were extracted via znort987’s block parser. All addresses found were then added to a Bloom filter for lookup, and a list was created for false positive detection. All bitcoin addresses generated from cracked passwords were compared against the Bloom filter, and positive results were confirmed against the sorted list. After detecting all used bitcoin brain wallet addresses, the researchers supplemented this information by querying these addresses via the blockchain.info API to retrieve accurate timestamps for all transactions.
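The two-stage lookup described above (a Bloom filter first, then a sorted list to weed out false positives) can be sketched as follows. This is an added example, not the researchers’ code: constructed placeholder labels stand in for addresses, and the class and function names, filter size and hash count are assumptions chosen so that false positives actually show up.

```python
import hashlib
from bisect import bisect_left

class BloomFilter:
    """Bit-array Bloom filter; the k bit positions come from double hashing."""
    def __init__(self, n_bits, n_hashes):
        self.n_bits, self.n_hashes = n_bits, n_hashes
        self.bits = bytearray((n_bits + 7) // 8)

    def _positions(self, item):
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd step, never zero
        return [(h1 + i * h2) % self.n_bits for i in range(self.n_hashes)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

def lookup(bloom, sorted_items, candidate):
    """Classify one candidate as 'miss', 'false_positive' or 'hit'."""
    if candidate not in bloom:  # cheap test; a Bloom filter has no false negatives
        return "miss"
    pos = bisect_left(sorted_items, candidate)  # exact confirmation by binary search
    if pos < len(sorted_items) and sorted_items[pos] == candidate:
        return "hit"
    return "false_positive"

# Constructed sample data: opaque labels stand in for addresses seen on chain.
SEEN = sorted(f"addr-seen-{i:05d}" for i in range(2000))
# Assumed parameters, deliberately small so that false positives are visible.
BLOOM = BloomFilter(n_bits=16384, n_hashes=4)
for label in SEEN:
    BLOOM.add(label)

def tally(candidates):
    """Count lookup outcomes over an iterable of candidate labels."""
    counts = {"miss": 0, "false_positive": 0, "hit": 0}
    for c in candidates:
        counts[lookup(BLOOM, SEEN, c)] += 1
    return counts

if __name__ == "__main__":
    probes = [f"addr-other-{i:05d}" for i in range(20000)] + SEEN[:5]
    print(tally(probes))
```

With these parameters roughly 2% of the unseen labels pass the filter and are rejected only by the sorted-list check, which is why the confirmation step is needed before counting a match.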

Results:

The researchers discovered 884 different brain wallets with 845 different passwords, spanning the period from the launch of bitcoin up to August 2015. In total, these wallets had 1,806 BTC. Even though most of these brain wallets had small amounts of money (6% of them had what is worth around $100), 10 brain wallets had what is equal to 85% of the total amount.

As a brain wallet’s address is derived from the password, an attacker could crack the password and drain the wallet of its coins. Interestingly enough, 863 of the 884 brain wallets found (97.6%) were drained by attackers, which reflects the insecurity of brain wallets. 50% of the hacked wallets were drained in less than 21 minutes, and almost all wallets were drained in less than 24 hours.

98% of the compromised brain wallets were drained at least once. More precisely, the researchers detected 1,895 separate draining events that hit 863 wallets; 69% were drained only once, 19% were drained twice and 1.9% were drained at least ten times. Drains occur rapidly because attackers use bots to monitor new coins deposited into previously known brain wallets. Also, after finding a vulnerable brain wallet, the attacker will instantly send the coins to his/her own address, often with high miners’ fees to tempt miners to confirm the transaction quickly.